
IDOR at https://account.mackeeper.com/at/load-reports/profile/<profile_id> leaks information about devices/licenses

Medium
Clario
Submitted None

Team Summary

Official summary from Clario

### Summary

IDOR at `https://account.mackeeper.com/at/load-reports/profile/<profile_id>` leaks information about `devices/licenses`.

An attacker can access victim information via profile id.

### Steps to reproduce

1. Go to account.mackeeper.com and log in.
2. Now go to: `https://account.mackeeper.com/at/load-reports/profile/+[USER PROFILE ID]+?type=0&offset=0`

Reported by m4ll0k
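The object-level authorization check whose absence produces this class of bug, shown as an added example that is not part of the report and is not Clario's code. The handler names, the `Session` type and the in-memory `PROFILES` data are hypothetical and constructed for illustration; only the `profile_id` and `offset` parameters come from the URL in the report.

```python
from dataclasses import dataclass

# Constructed sample data: profile_id -> owning account and its report rows.
PROFILES = {
    "1001": {"owner": "alice", "reports": [{"device": "alice-macbook", "license": "active"}]},
    "1002": {"owner": "bob", "reports": [{"device": "bob-imac", "license": "expired"}]},
}


@dataclass
class Session:
    account: str  # identity established at login (hypothetical session model)


def load_reports_vulnerable(session, profile_id, offset=0):
    """Requires a login but never ties profile_id to the session: the IDOR pattern."""
    profile = PROFILES.get(profile_id)
    if profile is None:
        return 404, []
    return 200, profile["reports"][offset:]


def load_reports_fixed(session, profile_id, offset=0):
    """Same lookup, with ownership enforced server-side on every request."""
    if not isinstance(offset, int) or offset < 0:
        return 400, []
    profile = PROFILES.get(profile_id)
    # Missing and foreign profiles get the same 404, so responses do not
    # confirm which profile IDs exist.
    if profile is None or profile["owner"] != session.account:
        return 404, []
    return 200, profile["reports"][offset:]


def cross_account_leaks(handler, session):
    """Regression check: profile IDs this session can read but does not own."""
    leaks = []
    for profile_id, profile in PROFILES.items():
        status, rows = handler(session, profile_id)
        if profile["owner"] != session.account and status == 200 and rows:
            leaks.append(profile_id)
    return leaks
```

Running `cross_account_leaks` against every authenticated, ID-keyed handler in a test suite catches a regression of this check before release.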

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Submitted

Weakness

Insecure Direct Object Reference (IDOR)